🛑 CISA and FDA have just issued urgent warnings about critical flaws in Contec CMS8000 and Epsimed MN-120 patient monitors.

Hackers could exploit these flaws to gain remote access to devices, overwrite files & even steal sensitive patient data.

Read: https://thehackernews.com/2025/01/cisa-and-fda-warn-of-critical-backdoor.html

🚨 Attack Alert: Cybercriminals are using bogus Google ads to direct Microsoft advertisers to phishing pages designed to capture login details and 2FA codes.

Over 630 phishing pages detected, with domains mostly hosted in Brazil.

Read the full report: https://thehackernews.com/2025/02/malvertising-scam-uses-fake-google-ads.html

🚨 WARNING: WhatsApp uncovers major spyware campaign targeting journalists!

➤ 90+ victims were attacked by Israeli firm Paragon Solutions.
➤ Zero-click spyware deployed via a PDF file—no action from the user needed

👉 Full story: https://thehackernews.com/2025/02/meta-confirms-zero-click-whatsapp.html

🔐 BeyondTrust’s breach compromised 17 Remote Support SaaS customers, caused by a compromised API key.

Attackers exploited a zero-day vulnerability in a third-party app to reset application passwords.

Federal agencies, including the U.S. Treasury, were affected by this breach.

Read the full report: https://thehackernews.com/2025/02/beyondtrust-zero-day-breach-exposes-17.html

🔥 BUSTED — 39 Cybercrime Domains Shut Down in Massive Global Takedown.

U.S. and Dutch law enforcement have just crippled a major fraud network responsible for over $3 million in scams, selling phishing kits, scam pages, and fraud tools.

Learn more: https://thehackernews.com/2025/02/us-and-dutch-authorities-dismantle-39.html

🛑 Cybercrime Alert: Crazy Evil Steals Millions!

A Russian-speaking cybercriminal gang has stolen over $5M using targeted social media scams.

They hijack Windows and macOS users with malware like StealC and AMOS to steal cryptocurrencies.

Learn more: https://thehackernews.com/2025/02/crazy-evil-gang-targets-crypto-with.html

⚠️ A new wave of attacks is hitting Brazilian Windows users with the Coyote Banking Trojan.

This malware targets over 1,000 financial sites and can steal your credentials, log your keystrokes, and even capture screenshots.

👉 Learn how Coyote works: https://thehackernews.com/2025/02/coyote-malware-expands-reach-now.html

🚨 Attack surfaces are growing faster than your security team can keep up. Attackers are always looking for new weak spots—often hidden until it’s too late.

Learn how Attack Surface Management (ASM) tools like Intruder give you visibility into your risks: https://thehackernews.com/2025/02/what-is-attack-surface-management.html

🔒 PyPI Introduces Archiving for Projects!

PyPI now lets developers archive projects, signaling they won’t receive future updates.

This helps prevent the spread of outdated or vulnerable packages--huge win for supply chain security.

Full details: https://thehackernews.com/2025/02/pypi-introduces-archival-status-to.html

🚨 768 vulnerabilities exploited in 2024—a shocking 20% increase from last year!

These vulnerabilities are being weaponized faster than ever, with nearly 1 in 4 exploited on the same day they were disclosed.

Read the full report: https://thehackernews.com/2025/02/768-cves-exploited-in-2024-reflecting.html

This week’s update covers a broad range of cybersecurity news—from AI risks to law enforcement efforts against cybercrime.

It’s a must-read for everyone.

https://thehackernews.com/2025/02/thn-weekly-recap-top-cybersecurity.html

Google patches 47 Android security flaws, including one actively exploited in the wild!

A critical vulnerability (CVE-2024-53104) lets attackers escalate privileges through USB Video Class driver—watch out for targeted exploitation!

This flaw, tied to the Linux kernel, can lead to memory corruption or arbitrary code execution.

Get the latest security update now: https://thehackernews.com/2025/02/google-patches-47-android-security.html

🚨 Microsoft has issued critical patches for two major security flaws in Azure AI Face Service and Microsoft Account.

These vulnerabilities could let attackers escalate their privileges without authorization, exposing critical infrastructure.

While patched, CVE-2025-21415 had a public exploit.

Learn more: https://thehackernews.com/2025/02/microsoft-patches-critical-azure-ai.html

🚨 A new flaw (CVE-2024-56161) in AMD SEV could allow attackers to load malicious CPU microcode on vulnerable systems.

It exploits improper signature verification, allowing attackers local admin access to tamper with microcode.

Read more: https://thehackernews.com/2025/02/amd-sev-snp-vulnerability-allows.html

🔒 Taiwan Bans DeepSeek AI Due to National Security Risks.

Concern? Cross-border data transmission can compromise sensitive government and critical infrastructure data.

Meanwhile, in just three days, DeepSeek faced multiple waves of DDoS attacks.

Learn more: https://thehackernews.com/2025/02/taiwan-bans-deepseek-ai-over-national.html

🚨 Cyberattacks on cloud infrastructures are evolving fast, and your current security measures may not be enough.

AI-driven workflows and massive data migrations are expanding attack surfaces. Cloud security isn’t just about detection anymore – it’s about prevention.

Read how cloud security will transform in 2025 and beyond: https://thehackernews.com/2025/02/watch-out-for-these-8-cloud-security.html

⚠️ FERRET malware targets macOS users through job scam.

North Korean hackers pose as recruiters on LinkedIn to lure victims. A fake "software update" compromises your system, steals data, and drains your crypto wallet.

Learn more: https://thehackernews.com/2025/02/north-korean-hackers-deploy-ferret.html

🔐 Russian cybercriminals are exploiting new 7-Zip vulnerability (CVE-2025-0411) to target Ukrainian organizations.

This flaw bypasses Windows' MotW protections, allowing remote code execution via malicious archives.

Learn more about the exploit: https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html

Python vs. no-code for security automation - a side-by-side breakdown 🔎

Security teams sometimes debate whether to write custom Python scripts or use a no-code platform like Tines for SOAR. Both have their advantages - but how do they compare in real-world automation?

In this blog post, security researcher Conor Dunne shares:

💡 The security, maintenance, and performance trade-offs of each approach
💡 A side-by-side comparison of core automation components - HTTP requests, webhooks, scheduling, and more
💡 A real-world case study: automating a Slack news feed

Read the blog post: https://thn.news/tines-python-automation-fb

🚨 Alert! A malicious package targeting the Go ecosystem has backdoored countless systems—giving hackers remote access.

Despite changes to the original GitHub repository, the malicious version persisted, targeting unsuspecting developers.

👉 Learn more: https://thehackernews.com/2025/02/malicious-go-package-exploits-module.html

⚠️ A newly disclosed vulnerability in Microsoft SharePoint connector could have allowed attackers to harvest user credentials and launch attacks across Power Automate, Power Apps, and Copilot 365.

Learn more: https://thehackernews.com/2025/02/microsoft-sharepoint-connector-flaw.html